Vulnerabilities > Iteris
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-17 | CVE-2020-9025 | Cross-site Scripting vulnerability in Iteris Vantage Velocity Firmware 2.4.2 Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. | 4.3 |
2020-02-17 | CVE-2020-9024 | Improper Privilege Management vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. | 10.0 |
2020-02-17 | CVE-2020-9023 | Insufficiently Protected Credentials vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). | 7.5 |
2020-02-17 | CVE-2020-9020 | OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0 Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | 10.0 |